Globy – Privacy Policy

Zace Tech OÜ ("Globy", "we"), address: Ahtri tn 12, 15551 Tallinn, Estonia, is the data controller for personal data processed via Globy websites and the Globy eSIM app. Contact: info@globyteam.com.

We process personal data under the EU GDPR and applicable laws, based on:

• Contract performance (provide the Service, process purchases, support)
• Legitimate interests (security, fraud prevention, service analytics)
• Consent (marketing emails/push, certain analytics/cookies)
• Legal obligations (tax, accounting, compliance)

Where applicable to Turkish users, we also consider KVKK requirements.

You provide: email, name/surname (if provided), country/region (if provided), support messages.

Automatically collected: device model/OS, app version, IP address, approximate location (via IP), usage/analytics events, crash logs, transaction metadata (e.g., transaction ID, currency, status).

Advertising & analytics identifiers: Advertising and analytics identifiers, including the mobile advertising identifier (Apple IDFA / Google Advertising ID) where you have granted tracking permission, the Facebook SDK anonymous identifier, and similar identifiers used by our analytics and marketing partners for attribution and frequency capping.

Payments: We do not store card data. Payment credentials are handled by PayPal. We receive limited metadata for reconciliation and fraud prevention.

eSIM & orders: order details (destination, plan size/days, price, currency, timestamps), status, usage counters provided by Supplier where applicable.

Children & Accounts. Accounts must be created by individuals 18+. Minors may use the Service only under a parent/guardian account. We do not knowingly solicit data directly from children.

• Account creation and authentication
• Purchase processing and delivery of eSIM plans
• Fraud prevention and security
• Customer support and service communications
• Service analytics and product improvement
• Marketing communications only with consent

We use third-party SDKs including the Facebook SDK (Meta Platforms) for advertising measurement and attribution, Google Firebase SDKs for analytics and crash reporting, and similar technologies for essential operations, performance analytics and (where consented) marketing attribution. On iOS, advertising identifiers are only accessed if you grant App Tracking Transparency (ATT) permission. On Android, you can reset or limit the Advertising ID via your device settings. Some features may not function without certain cookies/SDKs.

We share data with trusted processors only as needed to provide the Service:

• Google Cloud / Firebase (GCP) – hosting, database, analytics, crash reporting
• PayPal – payment processing (incl. Apple Pay, Google Pay, and debit/credit cards via PayPal Advanced Card Fields)
• Postmark – transactional email delivery
• Meta Platforms, Inc. (Facebook/Instagram) – advertising measurement, attribution and audience targeting via the Facebook SDK (mobile app events) and Conversions API (server-side events). Data shared includes: app install/launch events, in-app actions (registration, checkout, purchases), purchase amounts and currency, hashed email and name (where you have provided them), hashed user identifier, IP address, user agent, mobile advertising identifier (IDFA on iOS / Advertising ID on Android, only where you have granted tracking permission), and device platform information.
• Telecom Suppliers – to activate and maintain your eSIM plan where required by the Supplier
• Anti‑fraud & compliance tools (where applicable) – to prevent abuse and comply with legal obligations

Some providers may process data outside the EEA. Where such transfers occur, we rely on GDPR‑compliant safeguards (e.g., Standard Contractual Clauses) and implement appropriate technical and organizational measures.

• Account data: life of the account + up to 24 months
• Transaction/financial records: 7 years (legal obligations)
• Support tickets: up to 24 months after closure
• Analytics events: typically 18–24 months in aggregated form

We may anonymize or aggregate data for longer retention.

Subject to GDPR and local laws, you have the right to access, rectify, erase, restrict, object, and data portability; and to withdraw consent at any time (for consent‑based processing). You also have the right to lodge a complaint with your local authority or the Estonian Data Protection Inspectorate. To exercise rights: info@globyteam.com.

Mobile tracking preferences. On iOS devices, you can revoke or grant App Tracking Transparency (ATT) permission at any time via Settings → Privacy & Security → Tracking → Globy. On Android devices, you can reset or opt out of personalized ads via Settings → Google → Ads. Withdrawing tracking consent may reduce the relevance of advertising you see but will not affect your access to the Service.

The Service is not directed to children. Users under 18 should use the Service under parental supervision via a guardian account. We do not knowingly collect data directly from children.

We apply appropriate administrative, technical and organizational measures (access controls, encryption in transit/at rest where supported by our providers, and least‑privilege access). No method of transmission or storage is 100% secure.

We send marketing emails/push only with your consent. You can opt out at any time via in‑app settings or the unsubscribe link. Transactional messages (e.g., receipts, service notices) are still sent.

We may update this Policy. The latest version will be available in‑app/website with an updated effective date.

Contact (Data Protection): info@globyteam.com